I built an AI vulnerability scanner with Claude and Codex. It failed
The Janitor is a new AI vulnerability scanner designed to detect and prevent vulnerabilities introduced by autonomous AI agents. It applies formal methods to verify code before pull requests are merged. Despite its innovative approach, the scanner failed, and the article highlights the evolving threat landscape of AI-assisted code vulnerabilities.
- The Janitor implements three formally verified layers for vulnerability detection: IFDS interprocedural taint analysis, Kani-proven detection predicates, and Z3 SMT exploit witness synthesis.
- AI-assisted code contains 36% more high-severity vulnerabilities than human-written code, according to the Veracode 2025 report.
- The Janitor is designed to mathematically verify intent before code enters the repository.
Opening excerpt (first ~120 words)
The Janitor: The Mathematical Firewall Against Autonomous AI
v10.2.2 — Rust-Native. Zero-Copy. Dual-PQC Attestation. SLSA Level 4 Reproducible Builds.
*Attested by The Janitor v10.2.2 Research Foundation For grant reviewers and academic collaborators: The Janitor implements three formally verified layers — IFDS interprocedural taint analysis across 23 language grammars, Kani-proven Boolean predicates for detection correctness, and Z3 SMT exploit witness synthesis. Full research brief: docs/grant-research-brief.md. : Zero-Upload, FIPS 204 + FIPS 205 Compliant.*
Sonar finds style violations. The Janitor enforces structural integrity. 82% of open Godot Engine pull requests contain no issue link. 20% introduce language antipatterns. Zero comment scanners caught it.
…
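The excerpt names IFDS-style interprocedural taint analysis as the scanner's first layer but does not say what such a layer computes. The following is an added illustration, not code from the article or from The Janitor: it builds per-function summaries (which parameters reach the return value, which reach a sink) by iterating to a fixpoint, then instantiates those summaries at call sites so that a source in `main` is tracked through a helper into a sink two calls deep. The three-address IR, the function names and the three sample programs are constructed for this example and are hypothetical.

```python
"""Toy IFDS-style interprocedural taint analysis (constructed illustration).

Labels carried by the analysis:
  int   -> "depends on parameter index i of the current function"
  "SRC" -> "depends on an untrusted source"
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Toy three-address IR (hypothetical; not The Janitor's format):
#   ("source", dst)               dst = untrusted input
#   ("assign", dst, src)          dst = src
#   ("sanitize", dst, src)        dst = clean(src), taint is killed
#   ("call", dst, callee, args)   dst = callee(*args)
#   ("sink", var)                 var reaches a dangerous operation


@dataclass
class Function:
    params: List[str]
    body: List[Tuple]
    ret: Optional[str] = None


Program = Dict[str, Function]
Labels = Set[object]


def _instantiate(labels: Labels, args: List[str], state: Dict[str, Labels]) -> Labels:
    """Translate a callee summary into the caller's context: parameter index i
    becomes whatever labels the i-th argument carries; "SRC" stays "SRC"."""
    out: Labels = set()
    for lab in labels:
        if lab == "SRC":
            out.add("SRC")
        else:
            out |= state.get(args[lab], set())
    return out


def analyze(prog: Program) -> Tuple[Dict[str, Labels], Dict[str, Labels]]:
    """Compute two summaries per function, iterated to a fixpoint so that
    deep call chains and (mutual) recursion converge:
      ret_sum[f]  - labels that reach f's return value
      sink_sum[f] - labels that reach a sink inside f or any of its callees"""
    ret_sum: Dict[str, Labels] = {n: set() for n in prog}
    sink_sum: Dict[str, Labels] = {n: set() for n in prog}
    changed = True
    while changed:
        changed = False
        for name, fn in prog.items():
            # Abstract state: each parameter initially depends only on itself.
            state: Dict[str, Labels] = {p: {i} for i, p in enumerate(fn.params)}
            sinks: Labels = set()
            for st in fn.body:
                op = st[0]
                if op == "source":
                    state[st[1]] = {"SRC"}
                elif op == "assign":
                    state[st[1]] = set(state.get(st[2], set()))
                elif op == "sanitize":
                    state[st[1]] = set()  # modelled as a perfect sanitizer
                elif op == "call":
                    _, dst, callee, args = st
                    sinks |= _instantiate(sink_sum[callee], args, state)
                    state[dst] = _instantiate(ret_sum[callee], args, state)
                elif op == "sink":
                    sinks |= state.get(st[1], set())
                else:
                    raise ValueError(f"unknown op {op!r}")
            new_ret = state.get(fn.ret, set()) if fn.ret else set()
            if not new_ret <= ret_sum[name] or not sinks <= sink_sum[name]:
                ret_sum[name] |= new_ret
                sink_sum[name] |= sinks
                changed = True
    return ret_sum, sink_sum


def has_source_to_sink(prog: Program, entry: str = "main") -> bool:
    """True iff, starting at `entry`, some untrusted source reaches a sink."""
    return "SRC" in analyze(prog)[1][entry]


# Constructed sample programs; the function names are hypothetical.
def _with_main(main_body: List[Tuple]) -> Program:
    return {
        "wrap": Function(["x"], [("assign", "y", "x")], ret="y"),         # identity
        "second": Function(["a", "b"], [("assign", "r", "b")], ret="r"),  # drops a
        "exec_sql": Function(["query"], [("sink", "query")]),
        "run": Function(["cmd"], [("call", "_", "exec_sql", ["cmd"])]),   # sink two calls deep
        "main": Function([], main_body),
    }


VULNERABLE = _with_main([("source", "q"), ("call", "w", "wrap", ["q"]),
                         ("call", "_", "run", ["w"])])
SANITIZED = _with_main([("source", "q"), ("sanitize", "s", "q"),
                        ("call", "_", "run", ["s"])])
UNRELATED = _with_main([("source", "q"), ("call", "p", "second", ["q", "lit"]),
                        ("call", "_", "run", ["p"])])

if __name__ == "__main__":
    for label, prog in [("vulnerable", VULNERABLE), ("sanitized", SANITIZED),
                        ("unrelated", UNRELATED)]:
        print(label, "->", "FLOW" if has_source_to_sink(prog) else "clean")
```

The point a practitioner should take from this is where the precision comes from and where it silently goes away: the `second` summary records that only parameter 1 reaches the return, so passing the tainted value as the first argument is correctly reported clean, but the `sanitize` op kills taint unconditionally, so a function registered as a sanitizer that is not actually adequate for the sink in question (HTML escaping in front of a SQL sink, for example) makes the analysis report clean on a real flow. Proving the transfer functions correct does not help with that; the model of sources, sinks and sanitizers is an input to the proof, not something it checks.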
Excerpt limited to ~120 words for fair-use compliance. The full article is on GitHub.